Principal Cloud Security Engineer
SailPoint is seeking an experienced Principal Cloud Security Engineer with demonstrated competence and thought leadership capability to contribute toward the success of our cybersecurity initiatives. As a provider of both SaaS and enterprise software for some of the world’s most prestigious organizations, SailPoint strives for best-in-class security. The Principal Cloud Security Engineer will play a crucial role in engineering the cloud security strategy and technical directions applied to ensure that our cloud infrastructure, SaaS products, and data remain secure. This role will be responsible for ensuring that SailPoint’s cloud infrastructure conforms to disciplined, industry best practices for cybersecurity. This role will be responsible for evaluating new solutions and developing the supporting elements required to incorporate new technologies in a safe and secure manner.
The ideal candidate will have broad experience in cloud security across IaaS, PaaS, and SaaS environments. The candidate must be able to discuss infrastructure and application security, participate in security audits, and aid in responding to customer security questionnaires. The ideal candidate will possess hands-on experience in designing for both small and large-scale solutions with an emphasis on security, performance, scalability, and cost. They will be highly collaborative, customer-service oriented, and comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences. Additional responsibilities include implementing organizational policies and standards for cloud security and partnering with other teams to integrate cloud security best practices. This role will be a vital member of the CISO team and can be remote or based in Austin, TX.
#LI-Remote
Responsibilities:
- Implement cloud security architecture, methods, and controls required to meet security and compliance requirements.
- Design, build, and maintain tools/processes to effectively secure cloud-based environments. Maintain the health, performance, stability, tuning and ongoing planning of cloud and container security platforms.
- Deliver cloud security architecture consulting and work with teams to ensure best practices like infrastructure as code, automation, and orchestration are in place.
- Secure design of the cloud architecture and documentation of the design, configurations and associated procedures.
- Solve complex cloud security issues and protect various environments (dev/test/stage/prod) using a risk-based approach.
- Evaluates and recommend new and emerging cybersecurity products and technologies with careful documentation of technical requirements and collection of cross-functional requirements.
- Stay abreast of the threat landscape, current technologies, security compliance requirements, standards and industry trends in order to help achieve cybersecurity’s goals.
- Customize cloud compliance tools to meet operational, compliance. and risk-based needs.
- Participate in audits pertaining to our cybersecurity processes and best practices.
- Work on key areas to develop baseline cloud, container, application, and infrastructure security standards and integrate into the CI/CD pipeline.
- Implement "security as code" using cloud services and CI/CD components as necessary.
- Administration and day-to-day support of security tools sets used to secure multi-cloud environments. Automate operational activities that are part of maintaining cloud security infrastructure.
- Respond to and, when appropriate, resolve or escalate security incidents.
- Investigate and resolve security violations by providing postmortem analysis to illuminate the issue, and identify causes, possible solutions, and preventative measures.
- Provide after-hours support on a scheduled / non-scheduled basis.
Requirements:
- A solid understanding of cloud security technologies including container security, serverless security, network and application security, access management, threat detection, and data protection.
- Experiencing developing and documenting secure design, configurations, and associated procedures.
- Strong experience in analyzing, troubleshooting, and providing solutions for technical issues (problem management and issue triage).
- Cloud security architecture experience with major cloud providers: AWS (preferred), Azure, or GCP.
- Hands-on experience with Security Services in Azure, AWS or GCP such as Azure Security Center, IAM, KMS, VPC, Security Groups, AWS Inspector, GCP Security command center.
- Knowledge of industry standards and compliance frameworks: ISO, SOC, FedRAMP, NIST.
- Experience working with the following cloud and DevSecOps technologies:
- Containers (Docker, Kubernetes, or similar)
- Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
- Continuous integration (Jenkins, Bamboo, Hudson, or similar)
- Defect tracking (Jira, Bugzilla, ServiceNow , or similar)
- Integration of cybersecurity testing tools into pipeline
- Knowledge of all components of a SaaS multi-tenant product architecture
- Hands-on experience with using and debugging REST APIs
- Experience with the development, deployment, and automation of security solutions in an enterprise cloud based environment.
- Knowledge of network based, system level, and application layer attacks and mitigation methods.
- An understanding of identity federation, authentication, and authorization (SAML, OIDC, OAuth).
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
- Experience in requirement gathering and documentation.
- Sound judgment skills and ability to manage escalations.
- Ability to determine methods and procedures on new assignments with minimal instruction.
- Experience estimating effort and resources required for projects and working with project managers to structure projects.
- Proven experience in, and passion for technically leading teams, mentoring staff and driving organizational change.
- Demonstrated professional writing/communication skills.
Preferred:
- Bachelor’s degree in Computer Science, IT Security, Information Systems, Engineering, or related field and 12 years of related work experience, or a Master’s degree in Computer Science, IT Security, Information Systems, Engineering, or a related field and 8 years of related work experience as a Cloud Security Engineer or equivalent working experience.
- 3+ years of experience with Linux Administration, OpenShift, Containerization (i.e. Docker), or Kubernetes.
- Significant technical experience in cloud computing technologies and automation.
- Strong understanding of relevant AWS technologies:
- AWS Core - Organizations, Cloudformation
- AWS Networking - VPC, NACL & Peering
- AWS Security - IAM, Config, KMS, Cloudtrail, Cloudwatch, GuardDuty
- AWS Data - Redshift, Aurora, S3 & EBS
- Ability to develop simple scripts and automation in Python.
- Ability to interact with IaaS (AWS / boto) and SaaS cloud systems via API calls.
- Familiarity with SaaS cloud security (e.g., CASB, SCIM, SAML, OIDC).
- Familiarity with Linux systems security.
- Familiarity with infrastructure as code and immutable infrastructure concepts.
- One or more of the following certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Information Systems Security Architecture Professional (ISSAP)
- Information Systems Security Engineering Professional (ISSEP)
- Certified DevSecOps Professional (CDP)
- GIAC Cloud Security Automation (GCSA)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Cloud Security Professional (CCSP)
- GIAC Defensible Security Architecture (GDSA)
- GIAC Cloud Security Essentials (GCLD)
- Certified DevSecOps Professional (CDP)
- AWS, Google, or Azure Architecture Certification
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.